Creating public API

Hi, I’am curious if there any way to make a custom made API available without any authentication?

Like “api/system/status” can be accessed without any kind of authentication.

Sure @gdaniel,

Have you had a look to our Extension points doc? All you need to find will be in our JavaDocs, in particular for your case the WebService Interface.

I hope this will help!


I’am not sure if I miss something that could make my API accessible without authentication.

I already created the API, it gives back the correct data I want, but it only works when I’am authenticated (in our case is with SAML2). If I try to use the same API without authentication I get HTML error 401.

I mentioned “api/system/status”, because this API can be accessed without any authentication

Hmm, interesting point. Well I’m not a developer myself so I honestly don’t know, but as nothing is clearly documented about it, you can assume that it is not possible and a user must be logged-in to reach your API endpoint.


There’s no way to completely disable authentication in Web Service API.
If the server is using force authentication, then you’ll need to authenticate to access to your web service.

Why would you need to completely disable authentication in your web service ? What are your use cases ?


Hi, we planned to make the changelog of the plugin to be available and be able to link it somewhere else without giving access to the source where the is available, or making separate wiki page which update would be always an extra effort to keep it up to date.

Thanks for the use case.

Does your SonarQue instance is using the “force authentication” ?

Yes we are using SAML, my idea came from api/system/status, which works without authentication, so I thought there is a flag or something.

I’m sorry, but there’s no way to disable authentication of web services created by API.

Sad to hear that. But thanks for the clarification. :slightly_smiling_face: